Oracle Snaps Up This Startup to Boost Cloud Security

Just before kicking off its annual Oracle OpenWorld tech conference, the database giant said it is buying Palerra, a startup that aims to help companies be able to use cloud computing resources securely. Terms were not disclosed.

Palerra’s product, called LORIC, is meant to ensure that applications and data stored across multiple cloud services is handled in a safe and secure manner. Palerra competes in a class of products known by techies as Cloud Access Security Brokers (CASBs). Competitors include Blue Coat and Netskope.

The company was co-founded by two former Oracle executives, Rohit Gupta and Ganesh Kirti.

The Santa Clara, Calif., company has raised about $25 million in venture funding, including a $17 million Series B round last year led by August Capital with contributions from past backers Norwest Venture Partners, Wing Venture Capital, and Engineering Capital.

Oracle orcl, which leads the market in databases, is nothing if not acquisitive. It bought Logfire, which offers cloud-based warehouse management capabilities for an undisclosed amount on Sept. 6. And it announced a $9.3 billion plan to buy NetSuite, which offers cloud-based enterprise resource management or inventory management and accounting software, in late July. NetSuite was also founded by former Oracle execs. Oracle co-founder Larry Ellison owned a big chunk of NetSuite.

As more companies of all sizes use online software from different sources, maybe Salesforcecrmfor sales, NetSuite for ERP, and Workday wday for human resources management, for example, there is a burgeoning need to make sure all those transactions are secure.

When insurers are determining whether to cover a house, they typically require an inspector to come do a walkthrough. The checkup helps underwriters assess what level of risk they’re taking on, and to draft policies accordingly.

UpGuard (née ScriptRock), a startup based in Mountain View, Calif., offers the digital equivalent of such evaluations for the cybersecurity market. The company’s tech has two components: One that crawls the public web and appraises an organization’s external digital risk factors (currently free of charge), and a second that searches inside a company to rate the quality of its internal system configurations and software (paid).

The firm then spits out reports and FICO-like “credit scores”—on a scale from zero to 950—representing snapshots of a client’s cyber risk.

UpGuard will announce a $17 million Series B fundraising round on Thursday, Fortune has learned. The round is co-led by new investor Pelion Venture Partners and existing investor Square Peg Capital with participation from Insurance Australia Group and existing investors, including Valar Ventures and August Capital.

“We give people simple overarching score to communicate risk in a consistent fashion,” says Mike Baukes, co-founder and co-CEO. Baukes started the company with his co-founder, Alan Sharp-Paul, in 2012 after the two had spent years in the financial services industry—predominantly involving compliance governance around M&A activity with large banks—in Australia and the United Kingdom.

“We went to lot of really bad meetings together and got angry together,” Sharp-Paul puts it bluntly. As the world grew more connected and the breaches became more frequent, “it became progressively harder for companies to trust what they have,” he says. So the pair got to work building a solution.

For more on insurance, watch:

UpGuard has about 100 customers to date, including ADP, Home Depothd, Williams-Sonoma wsm, Ciscocsco, Rackspace rax, Allianz, and the New York Stock Exchange. About 15 of those customers have signed up for the company’s “cybersecurity threat assessment reports” in addition to its regular internal assessments.

Christophe Attias, director of operations at Amadeus, a Spanish IT provider for the airline industry, tells Fortune that his company began using UpGuard to help manage and monitor IT system configuration issues in 2014. (The need for such supervision is underscored by Delta’s dal recent days of flight delays and cancellations.) Amadeus is now in talks to start receiving UpGuard’s security-scanning reports.

Garrett Koehn, president at CRC Insurance, one of the largest wholesale insurance brokers in the United States, tells Fortune that he uses the product to get a glimpse of prospective customer’s security postures. “I can ping, like a hacker does, and effectively look for vulnerabilities to webpages,” he says. At a glance, “that allows us to quickly and easily score companies,” he adds.

The cyber insurance market it heating up. Analysts expect it to hit $7.5 billion by 2020, according to PwC. UpGuard’s competitors include BitSight and Security Scorecard on the security assessment side, and Evolven on the IT configuration side.

Fortune asked Upguard to crunch some numbers on the companies topping this year’s Fortune 500 list. Here’s what external assessments look like for the leaderboard. (Cyber risk score—from zero to 950—in parentheses; higher is better.)

The data breach risk scores above are based on about 2,000 publicly available data points, according to a document explaining UpGuard’s methodology, shared with Fortune. These include things like making sure the company encrypts traffic with strong ciphers, uses up-to-date software, has valid certificate authorities, applies phishing protections, and keeps employees happy (as determined through sentiment analysis).

UpGuard’s founders stress, unsurprisingly, that the company’s paid internal scans provide an even better indication of a company’s resilience to electronic thievery. The point, says Baukes, is to “understand, discover, and control what you have.”

It’s been a good day for the Santa Clara, Calif. security company Palerra.

In addition to raising a $17 million Series B round of funding, the startup—formerly known as Apprity before leaving stealth in November—has gotten another feather in its cap. It has been named one of research firm Gartner’s “cool vendors in risk management,” along with two other firms: Australia-based Camms and CXOWARE in Spokane, Wash.

The Gartner ITtout is as much an endorsement of an emerging company’s technology as it is of its intangible aspects, like culture and success. “They’re a signal of what’s coming in the future,” says Gartner VP, Michele Cantara in a video explaining the distinction.

Palerra’s product—a browser-based “software as a service” platform that detects threats and anomalies and automatically works to mitigate them—is called LORIC. The technology uses data modeling to help manage users’ access to cloud services such as Amazon and Microsoft Office 365. By learning employees’ behavior and setting privileges, it aims to quickly detect and respond to suspicious activity.

Palerra co-founder and CEO Rohit Gupta tells Fortune that the company’s cloud-based automation is the company’s key selling point. “Emergency responders to critical situations like cyclones and stuff have automated procedures that kickstart under certain conditions,” he says. “Security is no different.”

“When you deal with velocity of threat proliferation,” he says, “automation is a more elegant way to do it.”

The company’s latest funding round was led by August Capital, a new investor. Other participators in the funding round include current investors Norwest Venture Partners, Wing Venture Capital, and Engineering Capital.

August Capital general partner Vivek Mehra, who previously invested in the online fraud prevention platform ThreatMetrix among other security startups, has also joined Palerra’s board of directors. Mehra says he is impressed with both Palerra’s product and its founders: Gupta and CTO Ganesh Kirti. “We like the tech and the team,” he tells Fortune. “They have deep experience based on what they had done at Oracle.”

Founded in summer 2013, the company now called Palerra has collectively raised $25 million so far. At the beginning of 2014, it received an $8 million Series A round of funding from investors including Promod Haque (at Norwest) and Gaurav Garg (at Wing Capital), who also notably funded the recently public security companies FireEye FEYE and MobileIron MOBL.

Gupta describes the Series B injection and the Gartner recognition as “a great shot in arm for the company.” He adds, “it allows us to continue investing in the sales and marketing side of things as we expand our customer base and the addressable market we’re going after and and as we continue to innovate.”

Gupta says he plans to use the money to double the team’s headcount (currently it has around 60 employees) by the end of the year.

Exclusive: August Capital leaving “opportunity” on the table

A growing number of venture capital firms have been raising so-called “opportunities funds,” which are designed to make larger bets either in existing portfolio companies or select growth equity plays. But Fortune has learned that one of the practice’s originators, August Capital, is going in the other direction.

Back in 2000, August took advantage of an opportunity to participate in a $2 billion buyout for hard-drive maker Seagate. The only problem was that its commitment took up around one-third of its fund, which is an exceptionally high percentage. So August later decided to begin raising $250 million side vehicles to handle such deals, and has done so for each of its last three fundraises (no fees are charged on the side-funds until capital is called).

But when August returns to market later this year to raise its sixth fund, there will be no sidecar. Two basic explanations, according to sources familiar with the situation: (1) Having multiple funds can create conflict among LPs. (2) For some of August’s smaller LPs and fund-of-funds, the extra commitment ties up capital that otherwise could be committed elsewhere, even though it might not be used (for example, the most recent sidecar wasn’t tapped).

No word yet on how much August is seeking to raise for its next fund, except that it will be smaller than the last one (i.e., smaller than the last core fund plus overage fund). Plus, it likely will have a higher concentration limit than do most traditional VC funds.